Lucene search
PRIOn knowledge basePRION:CVE-2016-4423HistoryJun 01, 2016 - 10:59 p.m.
Authentication flaw
2016-06-0122:59:00
PRIOn knowledge base
www.prio-n.com
3
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
Related
friendsofphp
friendsofphp
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
CVE-2016-4423: Large username storage in session
2016-05-09 21:13:10
nvd
nvd
CVE-2016-4423
2016-06-01 22:59:02
cvelist
cvelist
CVE-2016-4423
2016-06-01 22:00:00
debiancve
debiancve
CVE-2016-4423
2016-06-01 22:59:02
veracode
veracode
Denial Of Service (DoS)
2017-07-26 21:16:09
symfony
symfony
CVE-2016-4423: Large username storage in session
2016-05-09 00:00:00
github
github
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
ubuntucve
ubuntucve
CVE-2016-4423
2016-06-01 00:00:00
cve
cve
CVE-2016-4423
2016-06-01 22:59:02
osv
osv
Symphony Denial of Service Via Overlong Usernames
2022-05-17 03:54:47
symfony - security update
2016-05-29 00:00:00
debian
debian
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
[SECURITY] [DSA 3588-1] symfony security update
2016-05-29 17:53:59
openvas
openvas
Debian: Security Advisory (DSA-3588-1)
2016-05-28 00:00:00
Debian Security Advisory DSA 3588-1 (symfony - security update)
2016-05-29 00:00:00
nessus
nessus
Debian DSA-3588-1 : symfony - security update
2016-05-31 00:00:00